-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't require token
when using auth logins
#130
Comments
I also tried this: import * as vault from "@pulumi/vault";
const provider = new vault.Provider("approle", {
token: undefined as unknown as string,
address: vault.config.address!,
namespace: vault.config.namespace,
authLogins: [{
path: `/auth/approle/login`,
namespace: vault.config.namespace,
parameters: {
role_id: process.env.VAULT_APP_ROLE_ID!,
secret_id: process.env.VAULT_APP_ROLE_SECRET_ID!
}
}]
});
const ns1 = new vault.Namespace("ns1", {
path: "ns1"
}, { provider }); but: $ pulumi up
Previewing update (seed):
Type Name Plan Info
pulumi:pulumi:Stack infra-seed 1 error
Diagnostics:
pulumi:pulumi:Stack (infra-seed):
error: Running program '/app/pulumi/infra' failed with an unhandled exception:
Error: Missing required property 'token'
at new Provider (/app/pulumi/infra/node_modules/@pulumi/provider.ts:45:23)
[...] etc... |
This actually works, but it's quite confusing: const vaultAppRoleLoginConfig: vault.types.output.config.AuthLogins = {
path: `/auth/approle/login`,
namespace: vault.config.namespace,
parameters: {
role_id: process.env.VAULT_APP_ROLE_ID!,
secret_id: process.env.VAULT_APP_ROLE_SECRET_ID!
}
};
export const vaultProvider = new vault.Provider("approle", {
token: "you literally have to write some crap here, otherwise it will not work",
address: vault.config.address!,
namespace: vault.config.namespace,
authLogins: [vaultAppRoleLoginConfig]
}); This would turn this bug into a minor one: |
Thanks for the suggestion. As there's no actual bug in functionality, I'm going to re-mark this issue as an enhancement. |
error: no vault token found
token
when using auth logins
I think this should be considered a bug, and not an enhancement, because the documentation says:
The issue is because the See https://github.com/pulumi/pulumi-vault/blob/master/sdk/python/README.md#configuration |
Just to add, when you run |
Hello!
Issue details
The login with
approle
method doesn't work as described in https://registry.terraform.io/providers/hashicorp/vault/latest/docs#example-auth_login-usageSteps to reproduce
The project doc says the
VAULT_TOKEN
is required, but according to the go-code, it shouldn't be required.and
Expected:
Actual:
The text was updated successfully, but these errors were encountered: